Whoogle
Google's search results without Google's surveillance: Whoogle is a self-hosted proxy that strips the tracking and keeps the results. Your query goes from browser to your Whoogle instance, which fetches results from Google with a randomly generated User Agent and strips everything hostile before returning them: no ads or sponsored content, no third-party JavaScript or cookies, no AMP links, no URL tracking tags like utm_source, no referrer header - and Google sees your server's IP, never yours. Unlike metasearch engines that blend sources, Whoogle proxies Google exclusively, so result quality is exactly what you'd get logged out and incognito, minus the noise. A lightweight Flask app configured entirely through environment variables, it supports DuckDuckGo-style bang shortcuts, autocomplete suggestions, safe search, per-country and per-language filtering, site blocklists, and automatic rewriting of social links to privacy front-ends like Nitter and Invidious. Privacy hardening goes further: built-in Tor routing makes Google see an exit node instead of your server, HTTP/SOCKS proxy support covers other setups, and POST-based queries keep search terms out of logs. Light, dark, and fully custom CSS themes plus browser search-engine registration make it a drop-in default on desktop and mobile. Stateless, tiny, and trivial to run.
Endurain
A personal Strava on your own server: Endurain is a self-hosted fitness platform that keeps your complete workout history, GPS routes, and health data out of a vendor's cloud. It ingests the standard device formats (.gpx, .tcx, and preferred .fit with full sensor data) via manual or bulk upload, and syncs directly with Strava and Garmin Connect so migrating years of history is straightforward - Garmin sync covers activities, gear, and body composition. The dashboard shows activity feeds with weekly and monthly statistics, routes on maps, and distance, speed, and training-volume trends over time, with definable goals that update automatically. Gear tracking is notably deep: log wetsuits, bicycles, shoes, racquets, skis, and snowboards, assign default gear per activity type, and track individual components like bike chains against replacement mileage. Multi-user support with admin and user roles, follower features, per-activity privacy settings, and configurable sign-up (email verification, admin approval) make it usable for clubs and coaches as well as individuals. Auth is serious for a fitness app: MFA TOTP, OIDC/SAML SSO, and email-based password resets via Apprise. The stack is Vue.js over a Python FastAPI backend with PostgreSQL, plus weight, steps, and sleep logging, imperial/metric units, multi-language support, and third-party app integration.
Languagetool
Grammar, punctuation, and style errors a dictionary lookup can't see: LanguageTool is open-source proofreading powered by a Java rule engine covering English, German, Spanish, French, Portuguese, Dutch, and 25+ other languages. Self-hosting the HTTP server is how you get Grammarly-class checking without sending every sentence you write to a third party - a real concern when the text being proofread is confidential email, legal drafts, or unreleased documentation. Your instance exposes the standard /v2/check API, so the official ecosystem plugs straight in: browser extensions for Chrome and Firefox accept a custom server URL, and integrations exist for VS Code, LibreOffice, Obsidian, Vim, Emacs, and many editors. Notably, self-hosting restores free browser-extension checking that the hosted service moved behind a premium subscription - your server, no character limits, no paywall. Detection quality is tunable: optional n-gram datasets (multi-gigabyte language models for en, de, es, fr, nl) teach the engine word-order and confusion-pair errors like there/their and brakes/breaks, and a fastText model improves automatic language identification. Everything runs offline once models are downloaded. The core is LGPL, the API is documented with Swagger, and rules are community- maintained and constantly expanding.
Ghostfolio
Stocks, ETFs, crypto, bonds, precious metals, and cash across every account and currency, in one privacy-first dashboard: Ghostfolio is open-source wealth management software. The deliberate design decision is no brokerage linking: positions enter by manual entry, CSV import, or the REST API, so your holdings never pass through a data aggregator. Performance is measured as return on average investment across Today, WTD, MTD, YTD, 1Y, 5Y, and Max timeframes, with benchmark comparison against indices like the S&P 500, dividend tracking, and allocation breakdowns by asset class, region, and sector. A static X-ray analysis flags concentration and other portfolio risks, and a FIRE calculator projects progress toward financial independence. Multi-currency support converts holdings using historical exchange rates, market data comes from Yahoo Finance and CoinGecko among other pluggable providers, and everything exports back out as CSV or JSON. Built with Angular and NestJS on PostgreSQL and Redis, shipped as Docker images for amd64 and ARM, with a mobile-first PWA interface, dark mode, and a distraction-free Zen mode. AGPL-licensed.
Miniflux
One statically-compiled Go binary over PostgreSQL, no ORM, no framework, static assets embedded in the executable: Miniflux is the minimalist, opinionated feed reader. The opinions are the feature: page layout, fonts, and colors are tuned for reading, and everything else is treated as noise. It consumes Atom, RSS, and JSON Feed formats with OPML import/export, organizes articles with categories and bookmarks, fetches original full-text content for summary-only feeds, and provides Postgres-powered full-text search. Privacy work happens automatically: pixel trackers are stripped, tracking parameters removed from URLs, a media proxy blocks third-party tracking, referrers are never forwarded, and there is zero telemetry. Navigation is keyboard-first - j/k through items, o to open, f to star - with touch gestures on mobile. Podcast, video, and music enclosures are supported, and YouTube videos play inline. Over 25 integrations save articles onward to Wallabag, Readwise Reader, Pinboard, Linkding, Instapaper, Notion, Telegram, Matrix, Ntfy, and more, plus webhooks and a REST API with Go and Python clients; the Google Reader API endpoint supports existing mobile reader apps. Authentication spans local passwords, passkeys (WebAuthn), Google OAuth2, OpenID Connect, and reverse-proxy headers. It is Apache 2.0 licensed, translated into 20 languages, and updates feeds on an internal scheduler.
Omni Tools
The ad-riddled "free online tools" sites people paste sensitive text into and upload confidential PDFs to - OmniTools replaces that whole ecosystem with one self-hosted app. It bundles 50+ utilities behind one clean React/TypeScript interface: image tools (resize, convert, crop, edit), video and audio tools (trim, reverse, convert), PDF tools (split, merge, edit), text and list utilities (case converters, formatters, shufflers), plus date/time, math, and data-format helpers for JSON, CSV, and XML. The architectural decision that makes it trustworthy is that all file processing happens entirely client-side in the browser - the server only serves static assets, and nothing you process ever leaves your device. That design has a pleasant side effect: the host needs almost no resources (people run it on a Raspberry Pi Zero), because your browser does the work while the server just delivers files. The Docker image is a remarkable 28 MB, making it one of the fastest apps to deploy and cheapest to keep running. There are no ads, no tracking, no accounts, and no upload limits. With multi-language support and an MIT license, it works equally well as a personal toolbox or a team-wide internal utility portal - one URL that replaces a bookmark folder full of questionable converters. Actively developed with 50 contributors and 9,500+ GitHub stars.
Actual Budget
Every unit of income gets a job in Actual Budget - a local-first personal finance app built on envelope (zero-sum) budgeting, where you can only budget cash you actually have, which keeps the plan honest by construction. The data model is a SQLite file that lives on your device and works fully offline; the self-hosted Node.js sync server adds background multi-device synchronization using CRDT-based distributed-systems machinery, browser and mobile access as an installable web app, and automated backups. Optional end-to-end encryption makes the synced data unreadable even to the server hosting it. Transactions enter three ways: manual entry, file import (CSV, QIF, OFX, QFX, CAMT.053), or automatic bank syncing through GoCardless for EU/UK banks and SimpleFIN for US/Canada. Built-in YNAB4 and nYNAB importers migrate complete budget histories, and reports, schedules for recurring transactions, and rule-based transaction cleanup handle the day-to-day. A fully featured local API lets developers script custom importers and automation against their own data. 100% free, open source, and 26k stars strong.
Radicale
Calendars, to-do lists, journal entries, and contacts, synced over the open CalDAV and CardDAV standards nearly every client already speaks: Radicale is a small pure-Python server that works with Thunderbird, DAVx5 on Android, Apple Calendar and Contacts, GNOME, and many more. Its defining design choice is radical simplicity: there is no database. Events live as plain .ics files and contacts as .vcf files in an ordinary folder structure, which makes backup a copy command, migration a move, and disaster recovery a matter of reading text files. The server works out of the box with no complicated setup, then grows as needed: flexible authentication (htpasswd files among other methods), per-collection authorization rules, TLS-secured connections, and a plugin system for extending storage, auth, and rights handling. Built-in limits on parallel connections, file sizes, and failed authentication attempts harden it for network exposure behind a reverse proxy. A bundled web interface handles creating and managing calendars and address books - useful since many clients cannot create collections themselves. Maintained since 2011 with 140+ contributors, GPLv3-licensed, and light enough to run on the smallest VPS or a Raspberry Pi.
Swetrix
Traffic analytics, real-user performance monitoring, and client-side error tracking - normally three tools - in one cookieless, privacy-first dashboard: Swetrix. The Community Edition ships the same core engine as the cloud product - a NestJS API with ClickHouse for high-volume event storage, MySQL for relational data, and Redis for caching, fronted by a React dashboard and a ~5 KB tracking script with official packages for 20+ frameworks including Next.js, WordPress, and Shopify. Traffic analytics cover pageviews, referrers, UTM campaigns, geolocation, sessions with page flows, funnels, and custom events - all anonymized server-side with no cookies, no cross-device tracking, and no consent banner required for GDPR compliance. Performance monitoring records real-user metrics per pageview: TTFB, DNS and TLS timing, and render times, so regressions surface in the same place as traffic. Error tracking captures unhandled JavaScript exceptions automatically with formatted stack traces, filename/line metadata, affected browsers and pages, first/last-seen timestamps, and a resolve workflow - replacing a separate error monitoring subscription for many teams. Alerts fire to email, Slack, Telegram, Discord, or webhooks on traffic spikes, new errors, and custom events. If Plausible covers your traffic questions but you also want to know why the site broke, Swetrix answers both.
Plausible
Built as a direct rejection of the adtech model, Plausible is the best-known privacy-first web analytics tool - lightweight, cookie-free, and open-source. It sets no cookies and stores no personal data: unique visitors are counted via a hash of IP plus User-Agent that rotates every 24 hours and is never stored raw, so no consent banner is required and GDPR compliance is structural rather than contractual. The tracking script is under 1 KB - orders of magnitude lighter than GA - and the dashboard is a deliberate contrast to GA4's sprawl: one fast-loading page with visitors, sources, top pages, countries, devices, and UTM breakdowns, filterable by any dimension. Custom events and goals track signups and clicks, Google Search Console integration pulls in search queries, scheduled email reports keep stakeholders updated, and the Stats API (v2) plus CSV export feed data anywhere. This is the AGPL-licensed Community Edition, the same Elixir codebase that powers Plausible's cloud service, running as three containers: the web app, PostgreSQL for accounts, and ClickHouse for event storage - which means self-hosters get direct SQL access to raw analytics data the cloud version never exposes. Traffic data stays entirely on your server, with no visitor caps or per-pageview pricing.
Roundcube
Two decades of continuous development made Roundcube the standard-bearer of open-source webmail - a PHP IMAP client that gives any mail server a polished, application-like interface in the browser. It connects to whatever IMAP/SMTP stack you run - Dovecot, Postfix, a hosted mailbox - and delivers the full desktop-client experience: drag-and-drop message management, threaded conversation views, full MIME and HTML mail handling, find-as-you-type address book with groups and LDAP connectors, multiple sender identities, full-text search, and spell checking in dozens of languages. The default Elastic skin is genuinely responsive, working as well on a phone as a desktop, and the entire UI is skinnable. The plugin API is where deployments get shaped: managesieve exposes server-side filter management in the UI, enigma brings PGP encryption and signing via GnuPG, markasjunk trains spam filters, zipdownload batches attachments, password lets users change credentials, and attachment_reminder catches the classic forgotten-attachment email - among hundreds of community plugins. Built-in caching keeps large mailboxes fast, IMAP ACLs and shared folders support team setups, and XSS protection is engineered into the rendering pipeline. It scales from a single personal mailbox to unlimited users, backed by MySQL, MariaDB, PostgreSQL, or SQLite. GPL-licensed with regular security releases.
LibreTranslate
Machine translation with no Google, no Azure, no per-character billing, and no text leaving your infrastructure: LibreTranslate is a free, open-source translation API that runs entirely on your own server. The engine underneath is Argos Translate, which runs OpenNMT neural models with SentencePiece tokenization and Stanza sentence-boundary detection, all offline. Models install as portable .argosmodel packages covering dozens of languages - English, Spanish, French, German, Chinese, Japanese, Russian, Arabic, Hindi, Portuguese, and many more - and Argos handles automatic pivoting: with es-to-en and en-to-fr installed, it chains them to translate es-to-fr without a direct model. The API is a straightforward HTTP POST to /translate with source and target language codes, returning JSON - simple enough that the ecosystem has clients in every major language and integrations across tools like Weblate and Mastodon. Beyond plain text it translates HTML while preserving markup and handles whole file uploads (documents in, translated documents out), plus automatic language detection when the source is unknown. A clean bundled web UI serves interactive translation for end users, and optional API keys with rate limits control access. AGPL-licensed and trainable with custom models, it is the standard answer when translation must be private, unmetered, and self-contained - GDPR-sensitive text never touches a third party.
Password Pusher
Credentials sitting forever in email threads and chat scrollback - Password Pusher solves that everyday security failure. Instead of pasting a password into Slack, you push it - a password, note, file, URL, or QR code - and share a unique one-time link that expires after a set number of views, a time limit, or both. Content is encrypted at rest with AES-GCM under a configurable master key, optionally guarded by a passphrase, and permanently deleted from the database the moment it expires; a retrieval-step option keeps URL-scanning bots from consuming views. Full audit logs record when each link was created and viewed (and by whom, with logins), and TOTP two-factor authentication can be required instance-wide. The delivery page is deliberately unbranded - no logos or confusing links for recipients - and the interface ships in 31 languages with light and dark themes. Automation runs through a JSON API (v2), an official CLI for pushing and expiring secrets from the terminal, a Chrome extension, and a catalog of third-party integrations. Apache-2.0 licensed Ruby on Rails, deployable via Docker, Kubernetes, or Helm, with SQLite or PostgreSQL storage - the sysadmin staple for sending credentials that clean up after themselves.
BentoPDF
Merge, split, compress, convert, edit, annotate, redact, OCR, and sign PDFs - BentoPDF packs over 130 tools into a privacy-first toolkit that runs entirely in the browser through WebAssembly. Files are never uploaded - processing happens in browser memory on the user's machine and disappears when the tab closes, which makes the tool GDPR-clean by architecture and safe for financial, legal, and internal documents. The engine combines WASM builds of PyMuPDF, Ghostscript, and CoherentPDF; Tesseract handles OCR with searchable text-layer output; Office conversions cover Word, Excel, and PowerPoint; and digital signatures use X.509 certificates (PFX/PEM) with the private key staying on the client. Because there is no server-side processing, deployment is a static-file exercise: a single Docker container, or any static host. A dedicated self-hosted build strips the marketing pages while keeping every tool, and air-gapped deployments are first-class - an automated script bundles the WASM modules, OCR language data, and fonts for fully offline networks. No accounts, no limits, no watermarks; TypeScript and Vite under the hood.
Monica
Take the tool sales teams use to never forget a client detail and point it at the people who actually matter - friends, family, the colleague whose kid's name you keep blanking on: Monica is a personal CRM. It's a Laravel/PHP application over MySQL where each contact accumulates the texture of a real relationship: how you met, family members and pets, work changes, addresses, notes from conversations, activities done together, gift ideas and gifts given, even debts owed in multiple currencies. Two features set it apart from every contact app. Reminders with staying power: set per-contact intervals (weekly through yearly), get notified at 30 days, 7 days, and day-of, with automatic birthday reminders and CalDAV sync to your calendar. And a journal linked to contacts: write about dinner with friends, tag each person, and build a timeline that's part diary, part relationship log - plus a daily "how was your day" rating. Monica is deliberately manual and deliberately private: no social network features, no AI, no email scraping, no ads, no analytics - a quiet database of what you know about people you love, on your own server. Multiple vaults and users, labels, custom activity types, and document/photo uploads round it out. AGPL-licensed.
SearXNG
Up to 280 search services - Google, Bing, DuckDuckGo, Brave, Qwant, Startpage - aggregated without tracking or profiling: SearXNG is a privacy-respecting metasearch engine (AGPL-3.0, successor to Searx). Your instance queries the upstream engines on your behalf: your IP address, cookies, and search history never reach them, tracker parameters are stripped from result URLs, and an optional image proxy fetches thumbnails server-side so result pages leak nothing. It can even route outbound queries through Tor for full anonymity. Search is organized into categories - general, images, videos, news, maps, music, IT, science, files - with bang shortcuts for targeting specific engines, and every source can be enabled, disabled, or weighted per category in settings.yml. A plugin system adds calculators, hash tools, tracker removal, and unit conversions inline, and preferences (themes, safe search, languages, engine selection) persist in cookies rather than server-side accounts. The real argument for running your own instance rather than trusting a public one is control: you decide the logging policy (none), the engine mix, rate limiting, and who gets access - making it the default search backend for browsers, families, and teams that want Google-quality results without the profile.
MediKeep
Your medical history, fragmented across a dozen patient portals, in one place on your server: MediKeep (formerly Personal Medical Records Keeper) is a self-hosted health record system. Built with a React frontend and FastAPI backend over PostgreSQL, it organizes 14 categories of medical data - medications with dosages and schedules, conditions, procedures, allergies, immunizations, symptoms, injuries, doctor visits and encounters, treatments, lab results, and even medical equipment with service dates and supplier info. Treatment management is genuinely sophisticated: an advanced mode links treatments to their medications with per-medication overrides for prescriber, pharmacy, and effective dates, and reverse lookup shows which treatments use a given medication. A dashboard summarizes records and recent activity, file uploads attach documents to records, and tagging works across categories. When a new specialist asks for your history, the report builder assembles custom reports by category and exports to PDF, JSON, or CSV - a curated, portable summary instead of a folder of photocopies. Authentication supports Google and GitHub SSO with OIDC providers like Keycloak and Authelia expected to work, and the built-in backup system protects the archive. Health data is exactly what should never live in someone else's cloud.
Vaultwarden
The Bitwarden server, reimplemented in Rust: Vaultwarden (formerly bitwarden_rs) is the unofficial lightweight edition. It speaks the same wire protocol as the official server, so every official Bitwarden client - browser extensions, iOS, Android, desktop, and the bw CLI - connects without modification, while the server itself runs as a single container against SQLite (or MySQL/MariaDB/PostgreSQL) instead of the official multi-container stack that wants gigabytes of RAM. Features Bitwarden gates behind paid tiers ship free: organizations with collections, groups, member roles, and policies; TOTP code storage; file attachments; Bitwarden Send; Emergency Access; event logs; and admin password reset. Two-factor options cover authenticator apps, email, FIDO2 WebAuthn, YubiKey, and Duo, and OIDC-based SSO landed natively in v1.35.0. Zero-knowledge encryption is unchanged - vault data is encrypted client-side and the master password never reaches the server. Attachments and Sends store on local disk or S3-compatible backends, an admin panel manages users and server settings, and backup is copying one data directory. Suited to individuals and teams up to roughly 50 users.